@oscharko-dev/keiko-evidence 0.2.0

package/dist/connected-context-evidence.js

@@ -0,0 +1,197 @@
+// Connected-context evidence persistence (Issue #187). This records what Keiko inspected and
+// what metadata reached the model without persisting query text or excerpt content.
+import { createHash } from "node:crypto";
+import { HARNESS_VERSION, } from "@oscharko-dev/keiko-contracts";
+import { buildEvidenceReport } from "./report.js";
+import { createAuditRedactor, deepRedactStrings } from "./redaction.js";
+import { applyRetention } from "./retention.js";
+import { DEFAULT_RETENTION, EVIDENCE_SCHEMA_VERSION, } from "./types.js";
+function sha256Hex(value) {
+    return createHash("sha256").update(value).digest("hex");
+}
+function redactString(redact, value) {
+    return redact(value);
+}
+function byteLength(value) {
+    return Buffer.byteLength(value, "utf8");
+}
+function numberRecord(value) {
+    const out = {};
+    for (const [key, entry] of Object.entries(value)) {
+        if (typeof entry === "number") {
+            out[key] = entry;
+        }
+    }
+    return out;
+}
+function workspaceRootAuditId(workspaceRoot, redact) {
+    return `connected-context-root-${sha256Hex(redactString(redact, workspaceRoot)).slice(0, 16)}`;
+}
+function contextOf(input, redact) {
+    return {
+        workspaceRoot: workspaceRootAuditId(input.workspaceRoot, redact),
+        totalCandidates: input.pack.files.length + input.pack.omitted.length,
+        usedBytes: input.pack.usage.excerptBytes,
+        budgetBytes: input.pack.budget.excerptBytesMax,
+        droppedForBudget: input.pack.omitted.filter((entry) => entry.reason === "budget-exhausted")
+            .length,
+        entries: [],
+    };
+}
+function excerptOf(excerpt, redact) {
+    const redactedContent = redactString(redact, excerpt.content);
+    return {
+        atomStableId: redactString(redact, excerpt.atom.stableId),
+        scopePath: redactString(redact, excerpt.atom.scopePath),
+        ...(excerpt.atom.lineRange === undefined ? {} : { lineRange: excerpt.atom.lineRange }),
+        score: excerpt.atom.score,
+        provenanceKind: excerpt.atom.provenance.kind,
+        tool: redactString(redact, excerpt.atom.provenance.tool),
+        queryFingerprint: redactString(redact, excerpt.atom.provenance.queryFingerprint),
+        redactionState: excerpt.atom.redactionState,
+        contentBytes: excerpt.contentBytes,
+        contentSha256: sha256Hex(redactedContent),
+    };
+}
+function fileOf(file, redact) {
+    const excerpts = file.excerpts.map((excerpt) => excerptOf(excerpt, redact));
+    return {
+        scopePath: redactString(redact, file.scopePath),
+        role: file.role,
+        selectionReason: redactString(redact, file.selectionReason),
+        excerptCount: file.excerpts.length,
+        excerptBytes: file.excerpts.reduce((total, excerpt) => total + excerpt.contentBytes, 0),
+        excerpts,
+    };
+}
+function toolsUsed(pack, redact) {
+    const tools = new Set(["model-gateway"]);
+    for (const file of pack.files) {
+        for (const excerpt of file.excerpts) {
+            tools.add(redactString(redact, excerpt.atom.provenance.tool));
+        }
+    }
+    return [...tools].sort();
+}
+function scopeOf(input, redact) {
+    return {
+        schemaVersion: input.pack.scope.schemaVersion,
+        scopeIdHash: sha256Hex(redactString(redact, input.pack.scope.scopeId)),
+        scopeKind: input.pack.scope.kind,
+        selectedPathCount: input.pack.scope.relativePaths.length,
+        selectedPaths: input.pack.scope.relativePaths.map((path) => redactString(redact, path)),
+    };
+}
+function queryOf(input, redact) {
+    const safeQueryText = redactString(redact, input.pack.query.text);
+    return {
+        kind: input.pack.query.kind,
+        queryTextHash: sha256Hex(safeQueryText),
+        queryTextBytes: byteLength(safeQueryText),
+        maxResults: input.pack.query.maxResults,
+        caseSensitive: input.pack.query.caseSensitive,
+    };
+}
+function planOf(input, redact) {
+    if (input.plan === undefined || typeof input.plan.planId !== "string") {
+        return undefined;
+    }
+    const anchors = input.plan.anchors ?? [];
+    const rings = input.plan.rings ?? [];
+    const anchorKinds = {};
+    const anchorTermHashes = anchors
+        .map((anchor) => {
+        anchorKinds[anchor.kind] = (anchorKinds[anchor.kind] ?? 0) + 1;
+        return sha256Hex(redactString(redact, anchor.term));
+    })
+        .sort();
+    return {
+        planIdHash: sha256Hex(redactString(redact, input.plan.planId)),
+        state: input.plan.state,
+        createdAtMs: typeof input.plan.createdAtMs === "number" ? Math.max(0, input.plan.createdAtMs) : undefined,
+        anchorCount: anchorTermHashes.length,
+        anchorKinds,
+        anchorTermHashes,
+        ringKinds: rings.map((ring) => ring.kind).sort(),
+        clarificationReason: typeof input.plan.clarification?.reason === "string"
+            ? input.plan.clarification.reason
+            : undefined,
+    };
+}
+function summaryOf(input) {
+    return {
+        fileCount: input.pack.files.length,
+        citationCount: input.citationCount,
+        omittedCount: input.pack.omitted.length,
+        uncertaintyCount: input.pack.uncertainty.length,
+        elapsedMs: input.elapsedMs,
+    };
+}
+function connectedContextOf(input, redact) {
+    return {
+        packSchemaVersion: input.pack.schemaVersion,
+        packStableIdHash: sha256Hex(redactString(redact, input.pack.stableId)),
+        chatIdHash: input.chatId === undefined ? undefined : sha256Hex(redactString(redact, input.chatId)),
+        modelRequest: {
+            sentToModel: true,
+            excerptContentPersisted: false,
+        },
+        scope: scopeOf(input, redact),
+        query: queryOf(input, redact),
+        plan: planOf(input, redact),
+        budget: {
+            usage: numberRecord(input.pack.usage),
+            limits: numberRecord(input.pack.budget),
+        },
+        files: input.pack.files.map((file) => fileOf(file, redact)),
+        omitted: input.pack.omitted.map((entry) => ({
+            scopePath: redactString(redact, entry.scopePath),
+            reason: entry.reason,
+        })),
+        uncertainty: input.pack.uncertainty.map((entry) => ({
+            kind: entry.kind,
+            impactedAtomCount: entry.impactedAtomIds.length,
+        })),
+        toolsUsed: toolsUsed(input.pack, redact),
+        summary: summaryOf(input),
+    };
+}
+function buildConnectedContextEvidenceManifest(input, costClassResolver, redact = (value) => value) {
+    const identityDurationMs = Math.max(0, input.finishedAt - input.startedAt);
+    return {
+        evidenceSchemaVersion: EVIDENCE_SCHEMA_VERSION,
+        run: {
+            runId: input.runId,
+            fingerprint: sha256Hex(redactString(redact, input.pack.stableId)),
+            harnessVersion: HARNESS_VERSION,
+            taskType: "connected-context",
+            outcome: "completed",
+            startedAt: input.startedAt,
+            finishedAt: input.finishedAt,
+            durationMs: identityDurationMs,
+        },
+        model: {
+            modelId: input.modelId,
+            costClass: costClassResolver?.(input.modelId) ?? "unknown",
+        },
+        usageTotals: {
+            promptTokens: input.pack.usage.modelInputTokens,
+            completionTokens: input.pack.usage.modelOutputTokens,
+            requestCount: 1,
+            totalLatencyMs: input.elapsedMs,
+        },
+        context: contextOf(input, redact),
+        stateTransitions: [],
+        toolCalls: [],
+        commandExecutions: [],
+        connectedContext: connectedContextOf(input, redact),
+    };
+}
+export function persistConnectedContextEvidence(input, ctx) {
+    const redactor = createAuditRedactor({ additionalSecrets: ctx.additionalSecrets ?? [] }, ctx.env);
+    const manifest = buildConnectedContextEvidenceManifest(input, ctx.costClassResolver, redactor);
+    const safeManifest = deepRedactStrings(manifest, redactor);
+    const location = ctx.store.put(safeManifest.run.runId, JSON.stringify(safeManifest, null, 2));
+    applyRetention(ctx.store, ctx.retention ?? DEFAULT_RETENTION);
+    return { manifest: safeManifest, location, report: buildEvidenceReport(safeManifest, location) };
+}

package/dist/errors.d.ts

@@ -0,0 +1,3 @@
+export { AUDIT_CODES, AuditError, InvalidRunIdError, EvidenceWriteError, EvidenceReadError, EvidenceSchemaError, } from "@oscharko-dev/keiko-security/errors/audit";
+export type { AuditCode } from "@oscharko-dev/keiko-security/errors/audit";
+//# sourceMappingURL=errors.d.ts.map

package/dist/errors.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.d.ts","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAIA,OAAO,EACL,WAAW,EACX,UAAU,EACV,iBAAiB,EACjB,kBAAkB,EAClB,iBAAiB,EACjB,mBAAmB,GACpB,MAAM,2CAA2C,CAAC;AACnD,YAAY,EAAE,SAAS,EAAE,MAAM,2CAA2C,CAAC"}

package/dist/errors.js

@@ -0,0 +1,4 @@
+// Re-export shim: the audit error taxonomy now lives in @oscharko-dev/keiko-security
+// (issue #159, ADR-0019). All existing import sites (`from "./errors.js"`) keep resolving
+// unchanged via this barrel.
+export { AUDIT_CODES, AuditError, InvalidRunIdError, EvidenceWriteError, EvidenceReadError, EvidenceSchemaError, } from "@oscharko-dev/keiko-security/errors/audit";

package/dist/index-api.d.ts

@@ -0,0 +1,15 @@
+import type { RunOutcome } from "@oscharko-dev/keiko-contracts";
+import type { EvidenceStore } from "./store.js";
+import type { EvidenceManifest, EvidenceTaskType } from "./types.js";
+export interface EvidenceListEntry {
+    readonly runId: string;
+    readonly taskType: EvidenceTaskType;
+    readonly outcome: RunOutcome;
+    readonly startedAt: number;
+    readonly finishedAt: number;
+    readonly modelId: string;
+    readonly workspaceRoot?: string | undefined;
+}
+export declare function listEvidence(store: EvidenceStore): readonly EvidenceListEntry[];
+export declare function loadEvidence(store: EvidenceStore, runId: string): EvidenceManifest | undefined;
+//# sourceMappingURL=index-api.d.ts.map

package/dist/index-api.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index-api.d.ts","sourceRoot":"","sources":["../src/index-api.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,+BAA+B,CAAC;AAEhE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAChD,OAAO,KAAK,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAGrE,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,QAAQ,EAAE,gBAAgB,CAAC;IACpC,QAAQ,CAAC,OAAO,EAAE,UAAU,CAAC;IAC7B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC7C;AA4ID,wBAAgB,YAAY,CAAC,KAAK,EAAE,aAAa,GAAG,SAAS,iBAAiB,EAAE,CAc/E;AAED,wBAAgB,YAAY,CAAC,KAAK,EAAE,aAAa,EAAE,KAAK,EAAE,MAAM,GAAG,gBAAgB,GAAG,SAAS,CAM9F"}

package/dist/index-api.js

@@ -0,0 +1,136 @@
+// Evidence index/list API (ADR-0010 D5). listEvidence enumerates and loadEvidence loads past runs
+// reading ONLY the contained base dir via the EvidenceStore — never scanning arbitrary workspace
+// files. Because the persisted JSON is redacted by construction (D3), the loaded data is
+// redacted-by-construction: there is no un-redaction path. A manifest whose evidenceSchemaVersion is
+// not a recognised version is reported with a typed error (D5), not silently coerced. This is the
+// #13 UI seam.
+import { EvidenceReadError, EvidenceSchemaError } from "./errors.js";
+import { EVIDENCE_SCHEMA_VERSION } from "./types.js";
+// Parses raw JSON and verifies the schema version before trusting the shape. We narrow on the
+// version discriminant exactly as harness consumers narrow on the event schemaVersion (D2).
+// JSON.parse can throw a raw SyntaxError on a truncated/hand-edited manifest; the parse is a system
+// boundary (reading developer-writable files), so catching it and re-throwing a typed AuditError is
+// correct — the CLI maps AuditError to an exit code instead of leaking an unhandled stack (C1).
+function parseJson(json, runId) {
+    try {
+        return JSON.parse(json);
+    }
+    catch {
+        throw new EvidenceReadError(`evidence manifest is not valid JSON: ${runId}`);
+    }
+}
+function isRecord(value) {
+    return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function requireRecord(parent, key, runId) {
+    const value = parent[key];
+    if (!isRecord(value)) {
+        throw new EvidenceSchemaError(`evidence manifest is missing object field ${key}: ${runId}`, "1");
+    }
+    return value;
+}
+function requireArray(parent, key, runId) {
+    if (!Array.isArray(parent[key])) {
+        throw new EvidenceSchemaError(`evidence manifest is missing array field ${key}: ${runId}`, "1");
+    }
+}
+function requireString(parent, key, runId) {
+    if (typeof parent[key] !== "string") {
+        throw new EvidenceSchemaError(`evidence manifest is missing string field ${key}: ${runId}`, "1");
+    }
+}
+function requireNumber(parent, key, runId) {
+    if (typeof parent[key] !== "number" || !Number.isFinite(parent[key])) {
+        throw new EvidenceSchemaError(`evidence manifest is missing numeric field ${key}: ${runId}`, "1");
+    }
+}
+function requireOptionalRecord(parent, key, runId) {
+    const value = parent[key];
+    if (value !== undefined && !isRecord(value)) {
+        throw new EvidenceSchemaError(`evidence manifest has invalid object field ${key}: ${runId}`, "1");
+    }
+}
+function requireOptionalArray(parent, key, runId) {
+    const value = parent[key];
+    if (value !== undefined && !Array.isArray(value)) {
+        throw new EvidenceSchemaError(`evidence manifest has invalid array field ${key}: ${runId}`, "1");
+    }
+}
+function validateManifestShape(parsed, runId) {
+    const run = requireRecord(parsed, "run", runId);
+    requireString(run, "runId", runId);
+    requireString(run, "fingerprint", runId);
+    requireString(run, "harnessVersion", runId);
+    requireString(run, "taskType", runId);
+    requireString(run, "outcome", runId);
+    requireNumber(run, "startedAt", runId);
+    requireNumber(run, "finishedAt", runId);
+    requireNumber(run, "durationMs", runId);
+    const model = requireRecord(parsed, "model", runId);
+    requireString(model, "modelId", runId);
+    requireString(model, "costClass", runId);
+    const usage = requireRecord(parsed, "usageTotals", runId);
+    requireNumber(usage, "promptTokens", runId);
+    requireNumber(usage, "completionTokens", runId);
+    requireNumber(usage, "requestCount", runId);
+    requireNumber(usage, "totalLatencyMs", runId);
+    requireArray(parsed, "stateTransitions", runId);
+    requireArray(parsed, "toolCalls", runId);
+    requireArray(parsed, "commandExecutions", runId);
+    requireOptionalArray(parsed, "sandboxConfigurations", runId);
+    requireOptionalArray(parsed, "verificationResults", runId);
+    requireOptionalArray(parsed, "reasoning", runId);
+    requireOptionalRecord(parsed, "context", runId);
+    requireOptionalRecord(parsed, "patch", runId);
+    requireOptionalRecord(parsed, "verification", runId);
+    requireOptionalRecord(parsed, "failure", runId);
+    requireOptionalRecord(parsed, "browser", runId);
+    requireOptionalRecord(parsed, "connectedContext", runId);
+}
+function parseManifest(json, runId) {
+    const parsed = parseJson(json, runId);
+    if (!isRecord(parsed)) {
+        throw new EvidenceSchemaError(`evidence manifest is not an object: ${runId}`, "none");
+    }
+    const version = parsed.evidenceSchemaVersion;
+    if (version !== EVIDENCE_SCHEMA_VERSION) {
+        throw new EvidenceSchemaError(`unrecognised evidence schema version for ${runId}`, typeof version === "string" ? version : "none");
+    }
+    validateManifestShape(parsed, runId);
+    return parsed;
+}
+function toListEntry(manifest) {
+    return {
+        runId: manifest.run.runId,
+        taskType: manifest.run.taskType,
+        outcome: manifest.run.outcome,
+        startedAt: manifest.run.startedAt,
+        finishedAt: manifest.run.finishedAt,
+        modelId: manifest.model.modelId,
+        ...(manifest.context?.workspaceRoot === undefined
+            ? {}
+            : { workspaceRoot: manifest.context.workspaceRoot }),
+    };
+}
+export function listEvidence(store) {
+    const entries = [];
+    for (const runId of store.list()) {
+        const json = store.get(runId);
+        if (json === undefined) {
+            continue;
+        }
+        const parsed = parseJson(json, runId);
+        if (!isRecord(parsed) || typeof parsed.evidenceSchemaVersion !== "string") {
+            continue;
+        }
+        entries.push(toListEntry(parseManifest(json, runId)));
+    }
+    return entries;
+}
+export function loadEvidence(store, runId) {
+    const json = store.get(runId);
+    if (json === undefined) {
+        return undefined;
+    }
+    return parseManifest(json, runId);
+}

package/dist/index.d.ts

@@ -0,0 +1,20 @@
+export { KEIKO_EVIDENCE_VERSION } from "./version.js";
+export { buildEvidenceManifest } from "./build.js";
+export { persistEvidence, type PersistResult } from "./persist.js";
+export { createAuditRedactor, deepRedactStrings } from "./redaction.js";
+export { aggregateUsage } from "./aggregate.js";
+export { listEvidence, loadEvidence, type EvidenceListEntry } from "./index-api.js";
+export { applyRetention } from "./retention.js";
+export { buildEvidenceReport, renderEvidenceReport, type EvidenceReport } from "./report.js";
+export { assertValidRunId } from "./runid.js";
+export { buildWorkflowManifest, foldWorkflowUsage, persistWorkflowEvidence, type EvidencePersistContext, type WorkflowEventLike, type WorkflowRunIdentity, type WorkflowRunKind, type WorkflowTerminalStatus, } from "./workflow-evidence.js";
+export { persistConnectedContextEvidence, type ConnectedContextEvidenceContext, type ConnectedContextEvidenceInput, type ConnectedContextEvidencePersistResult, } from "./connected-context-evidence.js";
+export { createInMemoryEvidenceStore, createNodeEvidenceStore, DEFAULT_EVIDENCE_DIR, resolveEvidenceDir, type EvidenceStore, } from "./store.js";
+export { writeSideFile, type SideFileWriteResult, type SideFileWriterOptions, } from "./side-file.js";
+export { AUDIT_CODES, AuditError, EvidenceReadError, EvidenceSchemaError, EvidenceWriteError, InvalidRunIdError, type AuditCode, } from "./errors.js";
+export * as QualityIntelligence from "./qualityIntelligence/index.js";
+export { QUALITY_INTELLIGENCE_DEFAULT_RETENTION_PROFILE_ID, QUALITY_INTELLIGENCE_EVIDENCE_SCHEMA_VERSION, QUALITY_INTELLIGENCE_RETENTION_PROFILES, appendQualityIntelligenceExportRow, applyQualityIntelligenceRetention, createInMemoryQualityIntelligenceLocalStore, createNodeQualityIntelligenceLocalStore, deleteQualityIntelligenceRun, enforceQualityIntelligenceRetentionPolicy, getQualityIntelligenceRetentionProfile, listQualityIntelligenceRuns, loadQualityIntelligenceRun, quarantineCorruptQualityIntelligenceManifest, recordQualityIntelligenceRun, recordQualityIntelligenceCandidates, loadQualityIntelligenceCandidates, deleteQualityIntelligenceCandidates, applyQualityIntelligenceCandidateEdit, QUALITY_INTELLIGENCE_CANDIDATES_SCHEMA_VERSION, createNodeContainedJsonArtifactStore, redactQualityIntelligenceEvidence, snapshotQualityIntelligenceRunsForRecovery, validateQualityIntelligenceEvidenceManifest, FIGMA_SNAPSHOT_SCHEMA_VERSION, validateFigmaSnapshotRecord, createNodeFigmaSnapshotStore, enforceFigmaSnapshotRetention, DEFAULT_FIGMA_SNAPSHOT_MAX_RECORDS, type FigmaSnapshotImageRef, type FigmaSnapshotLinkRow, type FigmaSnapshotProvenanceRow, type FigmaSnapshotRecord, type FigmaSnapshotRedactionSummary, type FigmaSnapshotScreenRow, type FigmaSnapshotSkipReason, type FigmaSnapshotSkippedScreenRow, type FigmaSnapshotStructuralScreenRow, type FigmaSnapshotImageBytes, type FigmaSnapshotRetentionProfile, type FigmaSnapshotStore, type FigmaSnapshotStoreOptions, type FigmaSnapshotUserMetadata, type FigmaSnapshotValidationResult, type DeleteFigmaSnapshotResult, type RecordFigmaSnapshotInput, type RecordFigmaSnapshotResult, type RecordFigmaSnapshotScreenInput, type RecordFigmaSnapshotStructuralScreenInput, type UpdateFigmaSnapshotUserMetadataInput, type QualityIntelligenceCandidateRow, type QualityIntelligenceCandidatesArtifact, type RecordQualityIntelligenceCandidatesInput, type ApplyQualityIntelligenceCandidateEditInput, type ApplyQualityIntelligenceCandidateEditResult, type QualityIntelligenceCandidateEditErrorReason, type ContainedJsonArtifactStore, type ContainedJsonArtifactStoreOptions, type QualityIntelligenceDeleteOptions, type QualityIntelligenceDeletionReceipt, type QualityIntelligenceDeletionStatus, type QualityIntelligenceEvidenceManifest, type QualityIntelligenceBinaryExportMode, type QualityIntelligenceTraceabilityExportMode, type QualityIntelligenceEvidenceRefRow, type QualityIntelligenceExportEvidenceInput, type QualityIntelligenceExportRow, type QualityIntelligenceExportTarget, type QualityIntelligenceFindingRow, type QualityIntelligenceIntegrityHashes, type QualityIntelligenceLoadOptions, type QualityIntelligenceLocalStore, type QualityIntelligenceManifestTotals, type QualityIntelligenceNodeStoreOptions, type QualityIntelligenceProvenanceRefs, type QualityIntelligenceQuarantineOptions, type QualityIntelligenceQuarantineReceipt, type QualityIntelligenceRecordInput, type QualityIntelligenceRecordOptions, type QualityIntelligenceRecordResult, type QualityIntelligenceRecoverySnapshot, type QualityIntelligenceRedactionOptions, type QualityIntelligenceRedactionResult, type QualityIntelligenceRedactionSummary, type QualityIntelligenceRetentionDecision, type QualityIntelligenceRetentionDecisionInput, type QualityIntelligenceRetentionDeletionFailure, type QualityIntelligenceRetentionEnforcementOptions, type QualityIntelligenceRetentionEnforcementResult, type QualityIntelligenceRetentionResult, type QualityIntelligenceRunDeletedEvent, type QualityIntelligenceRunSnapshotEntry, type QualityIntelligenceSchemaValidationResult, type QualityIntelligenceCoverageMatrixRow, type QualityIntelligenceSourceFingerprintRow, } from "./qualityIntelligence/index.js";
+export * as PromptEnhancement from "./promptEnhancement/index.js";
+export { PROMPT_ENHANCEMENT_EVIDENCE_SCHEMA_VERSION, PE_SUBDIR, validatePromptEnhancementEvidenceManifest, redactPromptEnhancementEvidence, buildPromptEnhancementEvidenceManifest, createInMemoryPromptEnhancementLocalStore, createNodePromptEnhancementLocalStore, recordPromptEnhancementRun, loadPromptEnhancementRun, listPromptEnhancementRuns, type PromptEnhancementEvidenceStatus, type PromptEnhancementRedactionSummary, type PromptEnhancementRedactionOptions, type PromptEnhancementRedactionResult, type PromptEnhancementCandidateScoreRow, type PromptEnhancementSafetyRecord, type PromptEnhancementModelMetadata, type PromptEnhancementIntegrityHashes, type PromptEnhancementManifestTotals, type PromptEnhancementEvidenceManifest, type PromptEnhancementSchemaValidationResult, type PromptEnhancementRecordInput, type PromptEnhancementRecordOptions, type PromptEnhancementRecordResult, type PromptEnhancementLocalStore, type PromptEnhancementNodeStoreOptions, type PromptEnhancementLoadOptions, } from "./promptEnhancement/index.js";
+export { EVIDENCE_SCHEMA_VERSION, DEFAULT_RETENTION, type AuditRedactionConfig, type BuildOptions, type EvidenceBuildInput, type EvidenceCommandExecution, type EvidenceDeps, type EvidenceFailure, type EvidenceManifest, type EvidenceModel, type EvidenceBrowserCapture, type EvidenceBrowserContentCapture, type EvidenceBrowserEvent, type EvidenceBrowserEventType, type EvidenceBrowserScreenshot, type EvidenceBrowserViewportPx, type EvidenceConnectedContextAudit, type EvidenceConnectedContextExcerpt, type EvidenceConnectedContextFile, type EvidenceConnectedContextOmitted, type EvidenceConnectedContextQuery, type EvidenceConnectedContextScope, type EvidenceConnectedContextUncertainty, type EvidencePatch, type EvidenceReasoningEntry, type EvidenceRunIdentity, type EvidenceStateTransition, type EvidenceTaskType, type EvidenceToolCall, type EvidenceUsageTotals, type EvidenceVerificationResult, type RetentionPolicy, } from "./types.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AACtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AACnD,OAAO,EAAE,eAAe,EAAE,KAAK,aAAa,EAAE,MAAM,cAAc,CAAC;AACnE,OAAO,EAAE,mBAAmB,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,KAAK,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AACpF,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,KAAK,cAAc,EAAE,MAAM,aAAa,CAAC;AAC7F,OAAO,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAC9C,OAAO,EACL,qBAAqB,EACrB,iBAAiB,EACjB,uBAAuB,EACvB,KAAK,sBAAsB,EAC3B,KAAK,iBAAiB,EACtB,KAAK,mBAAmB,EACxB,KAAK,eAAe,EACpB,KAAK,sBAAsB,GAC5B,MAAM,wBAAwB,CAAC;AAChC,OAAO,EACL,+BAA+B,EAC/B,KAAK,+BAA+B,EACpC,KAAK,6BAA6B,EAClC,KAAK,qCAAqC,GAC3C,MAAM,iCAAiC,CAAC;AACzC,OAAO,EACL,2BAA2B,EAC3B,uBAAuB,EACvB,oBAAoB,EACpB,kBAAkB,EAClB,KAAK,aAAa,GACnB,MAAM,YAAY,CAAC;AACpB,OAAO,EACL,aAAa,EACb,KAAK,mBAAmB,EACxB,KAAK,qBAAqB,GAC3B,MAAM,gBAAgB,CAAC;AACxB,OAAO,EACL,WAAW,EACX,UAAU,EACV,iBAAiB,EACjB,mBAAmB,EACnB,kBAAkB,EAClB,iBAAiB,EACjB,KAAK,SAAS,GACf,MAAM,aAAa,CAAC;AASrB,OAAO,KAAK,mBAAmB,MAAM,gCAAgC,CAAC;AACtE,OAAO,EACL,iDAAiD,EACjD,4CAA4C,EAC5C,uCAAuC,EACvC,kCAAkC,EAClC,iCAAiC,EACjC,2CAA2C,EAC3C,uCAAuC,EACvC,4BAA4B,EAC5B,yCAAyC,EACzC,sCAAsC,EACtC,2BAA2B,EAC3B,0BAA0B,EAC1B,4CAA4C,EAC5C,4BAA4B,EAC5B,mCAAmC,EACnC,iCAAiC,EACjC,mCAAmC,EACnC,qCAAqC,EACrC,8CAA8C,EAC9C,oCAAoC,EACpC,iCAAiC,EACjC,0CAA0C,EAC1C,2CAA2C,EAC3C,6BAA6B,EAC7B,2BAA2B,EAC3B,4BAA4B,EAC5B,6BAA6B,EAC7B,kCAAkC,EAClC,KAAK,qBAAqB,EAC1B,KAAK,oBAAoB,EACzB,KAAK,0BAA0B,EAC/B,KAAK,mBAAmB,EACxB,KAAK,6BAA6B,EAClC,KAAK,sBAAsB,EAC3B,KAAK,uBAAuB,EAC5B,KAAK,6BAA6B,EAClC,KAAK,gCAAgC,EACrC,KAAK,uBAAuB,EAC5B,KAAK,6BAA6B,EAClC,KAAK,kBAAkB,EACvB,KAAK,yBAAyB,EAC9B,KAAK,yBAAyB,EAC9B,KAAK,6BAA6B,EAClC,KAAK,yBAAyB,EAC9B,KAAK,wBAAwB,EAC7B,KAAK,yBAAyB,EAC9B,KAAK,8BAA8B,EACnC,KAAK,wCAAwC,EAC7C,KAAK,oCAAoC,EACzC,KAAK,+BAA+B,EACpC,KAAK,qCAAqC,EAC1C,KAAK,wCAAwC,EAC7C,KAAK,0CAA0C,EAC/C,KAAK,2CAA2C,EAChD,KAAK,2CAA2C,EAChD,KAAK,0BAA0B,EAC/B,KAAK,iCAAiC,EACtC,KAAK,gCAAgC,EACrC,KAAK,kCAAkC,EACvC,KAAK,iCAAiC,EACtC,KAAK,mCAAmC,EACxC,KAAK,mCAAmC,EACxC,KAAK,yCAAyC,EAC9C,KAAK,iCAAiC,EACtC,KAAK,sCAAsC,EAC3C,KAAK,4BAA4B,EACjC,KAAK,+BAA+B,EACpC,KAAK,6BAA6B,EAClC,KAAK,kCAAkC,EACvC,KAAK,8BAA8B,EACnC,KAAK,6BAA6B,EAClC,KAAK,iCAAiC,EACtC,KAAK,mCAAmC,EACxC,KAAK,iCAAiC,EACtC,KAAK,oCAAoC,EACzC,KAAK,oCAAoC,EACzC,KAAK,8BAA8B,EACnC,KAAK,gCAAgC,EACrC,KAAK,+BAA+B,EACpC,KAAK,mCAAmC,EACxC,KAAK,mCAAmC,EACxC,KAAK,kCAAkC,EACvC,KAAK,mCAAmC,EACxC,KAAK,oCAAoC,EACzC,KAAK,yCAAyC,EAC9C,KAAK,2CAA2C,EAChD,KAAK,8CAA8C,EACnD,KAAK,6CAA6C,EAClD,KAAK,kCAAkC,EACvC,KAAK,kCAAkC,EACvC,KAAK,mCAAmC,EACxC,KAAK,yCAAyC,EAC9C,KAAK,oCAAoC,EACzC,KAAK,uCAAuC,GAC7C,MAAM,gCAAgC,CAAC;AAIxC,OAAO,KAAK,iBAAiB,MAAM,8BAA8B,CAAC;AAClE,OAAO,EACL,0CAA0C,EAC1C,SAAS,EACT,yCAAyC,EACzC,+BAA+B,EAC/B,sCAAsC,EACtC,yCAAyC,EACzC,qCAAqC,EACrC,0BAA0B,EAC1B,wBAAwB,EACxB,yBAAyB,EACzB,KAAK,+BAA+B,EACpC,KAAK,iCAAiC,EACtC,KAAK,iCAAiC,EACtC,KAAK,gCAAgC,EACrC,KAAK,kCAAkC,EACvC,KAAK,6BAA6B,EAClC,KAAK,8BAA8B,EACnC,KAAK,gCAAgC,EACrC,KAAK,+BAA+B,EACpC,KAAK,iCAAiC,EACtC,KAAK,uCAAuC,EAC5C,KAAK,4BAA4B,EACjC,KAAK,8BAA8B,EACnC,KAAK,6BAA6B,EAClC,KAAK,2BAA2B,EAChC,KAAK,iCAAiC,EACtC,KAAK,4BAA4B,GAClC,MAAM,8BAA8B,CAAC;AAEtC,OAAO,EACL,uBAAuB,EACvB,iBAAiB,EACjB,KAAK,oBAAoB,EACzB,KAAK,YAAY,EACjB,KAAK,kBAAkB,EACvB,KAAK,wBAAwB,EAC7B,KAAK,YAAY,EACjB,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,KAAK,aAAa,EAClB,KAAK,sBAAsB,EAC3B,KAAK,6BAA6B,EAClC,KAAK,oBAAoB,EACzB,KAAK,wBAAwB,EAC7B,KAAK,yBAAyB,EAC9B,KAAK,yBAAyB,EAC9B,KAAK,6BAA6B,EAClC,KAAK,+BAA+B,EACpC,KAAK,4BAA4B,EACjC,KAAK,+BAA+B,EACpC,KAAK,6BAA6B,EAClC,KAAK,6BAA6B,EAClC,KAAK,mCAAmC,EACxC,KAAK,aAAa,EAClB,KAAK,sBAAsB,EAC3B,KAAK,mBAAmB,EACxB,KAAK,uBAAuB,EAC5B,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EACrB,KAAK,mBAAmB,EACxB,KAAK,0BAA0B,EAC/B,KAAK,eAAe,GACrB,MAAM,YAAY,CAAC"}

package/dist/index.js

@@ -0,0 +1,34 @@
+// Public surface of @oscharko-dev/keiko-evidence (ADR-0010 D12 + ADR-0019). Re-exports the public
+// evidence surface — the builder, the persist orchestration, the redactor, the store port +
+// adapters, aggregation, the index/list API, retention, the report, runId validation, side-file
+// writing, and the workflow-evidence mapping — alongside the package version constant. The layer
+// does NOT export a bare `summarizeForAudit` or `redact` (it composes them internally).
+export { KEIKO_EVIDENCE_VERSION } from "./version.js";
+export { buildEvidenceManifest } from "./build.js";
+export { persistEvidence } from "./persist.js";
+export { createAuditRedactor, deepRedactStrings } from "./redaction.js";
+export { aggregateUsage } from "./aggregate.js";
+export { listEvidence, loadEvidence } from "./index-api.js";
+export { applyRetention } from "./retention.js";
+export { buildEvidenceReport, renderEvidenceReport } from "./report.js";
+export { assertValidRunId } from "./runid.js";
+export { buildWorkflowManifest, foldWorkflowUsage, persistWorkflowEvidence, } from "./workflow-evidence.js";
+export { persistConnectedContextEvidence, } from "./connected-context-evidence.js";
+export { createInMemoryEvidenceStore, createNodeEvidenceStore, DEFAULT_EVIDENCE_DIR, resolveEvidenceDir, } from "./store.js";
+export { writeSideFile, } from "./side-file.js";
+export { AUDIT_CODES, AuditError, EvidenceReadError, EvidenceSchemaError, EvidenceWriteError, InvalidRunIdError, } from "./errors.js";
+// QualityIntelligence sub-module (Issue #274, ADR-0023 D8). Mirrors the contracts barrel layout —
+// callers may use it either as a namespace import
+// (`import { QualityIntelligence } from '@oscharko-dev/keiko-evidence'`) OR as a flat
+// import of the public surface (`import { recordQualityIntelligenceRun, ... } from
+// '@oscharko-dev/keiko-evidence'`). The flat re-exports below mirror what the
+// `QualityIntelligence` namespace exposes — flat-named symbols are added per ADR-0019
+// trust rule 6 to let downstream consumers (Issue #273 workflow runners, future
+// orchestrators) avoid namespace plumbing in hot paths.
+export * as QualityIntelligence from "./qualityIntelligence/index.js";
+export { QUALITY_INTELLIGENCE_DEFAULT_RETENTION_PROFILE_ID, QUALITY_INTELLIGENCE_EVIDENCE_SCHEMA_VERSION, QUALITY_INTELLIGENCE_RETENTION_PROFILES, appendQualityIntelligenceExportRow, applyQualityIntelligenceRetention, createInMemoryQualityIntelligenceLocalStore, createNodeQualityIntelligenceLocalStore, deleteQualityIntelligenceRun, enforceQualityIntelligenceRetentionPolicy, getQualityIntelligenceRetentionProfile, listQualityIntelligenceRuns, loadQualityIntelligenceRun, quarantineCorruptQualityIntelligenceManifest, recordQualityIntelligenceRun, recordQualityIntelligenceCandidates, loadQualityIntelligenceCandidates, deleteQualityIntelligenceCandidates, applyQualityIntelligenceCandidateEdit, QUALITY_INTELLIGENCE_CANDIDATES_SCHEMA_VERSION, createNodeContainedJsonArtifactStore, redactQualityIntelligenceEvidence, snapshotQualityIntelligenceRunsForRecovery, validateQualityIntelligenceEvidenceManifest, FIGMA_SNAPSHOT_SCHEMA_VERSION, validateFigmaSnapshotRecord, createNodeFigmaSnapshotStore, enforceFigmaSnapshotRetention, DEFAULT_FIGMA_SNAPSHOT_MAX_RECORDS, } from "./qualityIntelligence/index.js";
+// PromptEnhancement sub-module (Epic #1307, Issue #1313; ADR-0044 §1/§5). Same dual surface as the
+// QualityIntelligence module: a `PromptEnhancement` namespace import plus flat-named re-exports.
+export * as PromptEnhancement from "./promptEnhancement/index.js";
+export { PROMPT_ENHANCEMENT_EVIDENCE_SCHEMA_VERSION, PE_SUBDIR, validatePromptEnhancementEvidenceManifest, redactPromptEnhancementEvidence, buildPromptEnhancementEvidenceManifest, createInMemoryPromptEnhancementLocalStore, createNodePromptEnhancementLocalStore, recordPromptEnhancementRun, loadPromptEnhancementRun, listPromptEnhancementRuns, } from "./promptEnhancement/index.js";
+export { EVIDENCE_SCHEMA_VERSION, DEFAULT_RETENTION, } from "./types.js";

package/dist/persist.d.ts

@@ -0,0 +1,9 @@
+import { type EvidenceReport } from "./report.js";
+import type { EvidenceBuildInput, EvidenceDeps, EvidenceManifest, RetentionPolicy } from "./types.js";
+export interface PersistResult {
+    readonly manifest: EvidenceManifest;
+    readonly location: string;
+    readonly report: EvidenceReport;
+}
+export declare function persistEvidence(input: EvidenceBuildInput, deps: EvidenceDeps, retention?: RetentionPolicy): PersistResult;
+//# sourceMappingURL=persist.d.ts.map

package/dist/persist.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"persist.d.ts","sourceRoot":"","sources":["../src/persist.ts"],"names":[],"mappings":"AAgBA,OAAO,EAAuB,KAAK,cAAc,EAAE,MAAM,aAAa,CAAC;AAGvE,OAAO,KAAK,EACV,kBAAkB,EAClB,YAAY,EACZ,gBAAgB,EAChB,eAAe,EAChB,MAAM,YAAY,CAAC;AAGpB,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,QAAQ,EAAE,gBAAgB,CAAC;IACpC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,cAAc,CAAC;CACjC;AAOD,wBAAgB,eAAe,CAC7B,KAAK,EAAE,kBAAkB,EACzB,IAAI,EAAE,YAAY,EAClB,SAAS,GAAE,eAAmC,GAC7C,aAAa,CAgBf"}

package/dist/persist.js

@@ -0,0 +1,40 @@
+// Top-level orchestration (ADR-0010 D11, D9): build -> deep re-redact (defense in depth) ->
+// store.put -> applyRetention -> buildEvidenceReport. This is the single entry the CLI and the SDK
+// call to write evidence. It is the supported SDK persist entry (the harness is NOT modified — the
+// reuse-unchanged rule is absolute; AC #6 "SDK runs write evidence" is satisfied here and at the CLI
+// layer, not by editing runAgent).
+//
+// Defense-in-depth redaction (coordinator refinement, replacing the ADR's serialized-string pass):
+// the builder is redacted-by-construction (primary), and this layer re-applies the redactor to EVERY
+// STRING LEAF of the assembled manifest object via a generic deep walk BEFORE JSON.stringify. This is
+// idempotent and cannot break JSON structure (a serialized-string re-redaction could miss
+// JSON-escaped secrets and risk corrupting the document). It catches a secret smuggled in through a
+// verbatim-embedded summary (context/verification) that the builder does not itself redact.
+import { isAbsolute, resolve } from "node:path";
+import { buildEvidenceManifest } from "./build.js";
+import { createAuditRedactor, deepRedactStrings } from "./redaction.js";
+import { buildEvidenceReport } from "./report.js";
+import { applyRetention } from "./retention.js";
+import { createNodeEvidenceStore, resolveEvidenceDir } from "./store.js";
+import { DEFAULT_RETENTION } from "./types.js";
+function defaultEvidenceDir(input, env) {
+    const configured = resolveEvidenceDir(undefined, env);
+    return isAbsolute(configured) ? configured : resolve(input.manifest.workingDirectory, configured);
+}
+export function persistEvidence(input, deps, retention = DEFAULT_RETENTION) {
+    const env = deps.env ?? {};
+    // The builder is already redacted-by-construction (incl. the deep-redact of embedded summaries);
+    // re-apply the redactor over every string leaf here as IDEMPOTENT defense in depth, so a builder
+    // bug that missed a field still cannot persist a secret.
+    const manifest = buildEvidenceManifest(input, deps);
+    const redact = createAuditRedactor(input.redaction ?? {}, env);
+    const safeManifest = deepRedactStrings(manifest, redact);
+    const json = JSON.stringify(safeManifest, null, 2);
+    // C5/AC#6: with no explicit store, persist to the predictable local node store (resolved dir incl.
+    // KEIKO_EVIDENCE_DIR), NOT an in-memory store that would silently discard the evidence. Tests
+    // inject createInMemoryEvidenceStore explicitly so they never write to the repository tree.
+    const store = deps.store ?? createNodeEvidenceStore(defaultEvidenceDir(input, deps.env));
+    const location = store.put(safeManifest.run.runId, json);
+    applyRetention(store, retention);
+    return { manifest: safeManifest, location, report: buildEvidenceReport(safeManifest, location) };
+}

package/dist/promptEnhancement/index.d.ts

@@ -0,0 +1,7 @@
+export { PROMPT_ENHANCEMENT_EVIDENCE_SCHEMA_VERSION, validatePromptEnhancementEvidenceManifest, } from "./manifestSchema.js";
+export type { PromptEnhancementEvidenceStatus, PromptEnhancementRedactionSummary, PromptEnhancementCandidateScoreRow, PromptEnhancementSafetyRecord, PromptEnhancementModelMetadata, PromptEnhancementIntegrityHashes, PromptEnhancementManifestTotals, PromptEnhancementEvidenceManifest, PromptEnhancementSchemaValidationResult, } from "./manifestSchema.js";
+export { redactPromptEnhancementEvidence } from "./redaction.js";
+export type { PromptEnhancementRedactionOptions, PromptEnhancementRedactionResult, } from "./redaction.js";
+export { PE_SUBDIR, buildPromptEnhancementEvidenceManifest, createInMemoryPromptEnhancementLocalStore, createNodePromptEnhancementLocalStore, recordPromptEnhancementRun, loadPromptEnhancementRun, listPromptEnhancementRuns, } from "./store.js";
+export type { PromptEnhancementRecordInput, PromptEnhancementRecordOptions, PromptEnhancementRecordResult, PromptEnhancementLocalStore, PromptEnhancementNodeStoreOptions, PromptEnhancementLoadOptions, } from "./store.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/promptEnhancement/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/promptEnhancement/index.ts"],"names":[],"mappings":"AAMA,OAAO,EACL,0CAA0C,EAC1C,yCAAyC,GAC1C,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EACV,+BAA+B,EAC/B,iCAAiC,EACjC,kCAAkC,EAClC,6BAA6B,EAC7B,8BAA8B,EAC9B,gCAAgC,EAChC,+BAA+B,EAC/B,iCAAiC,EACjC,uCAAuC,GACxC,MAAM,qBAAqB,CAAC;AAG7B,OAAO,EAAE,+BAA+B,EAAE,MAAM,gBAAgB,CAAC;AACjE,YAAY,EACV,iCAAiC,EACjC,gCAAgC,GACjC,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,SAAS,EACT,sCAAsC,EACtC,yCAAyC,EACzC,qCAAqC,EACrC,0BAA0B,EAC1B,wBAAwB,EACxB,yBAAyB,GAC1B,MAAM,YAAY,CAAC;AACpB,YAAY,EACV,4BAA4B,EAC5B,8BAA8B,EAC9B,6BAA6B,EAC7B,2BAA2B,EAC3B,iCAAiC,EACjC,4BAA4B,GAC7B,MAAM,YAAY,CAAC"}

package/dist/promptEnhancement/index.js

@@ -0,0 +1,10 @@
+// Public barrel for the PromptEnhancement sub-module of `@oscharko-dev/keiko-evidence`
+// (Epic #1307, Issue #1313; ADR-0044 §1/§5). Re-exports the manifest schema, the redactor, and the
+// local-store + builder API. The package barrel re-exports this directory under the
+// `PromptEnhancement` namespace plus flat-named symbols, mirroring the QualityIntelligence layout.
+// ─── Manifest schema ─────────────────────────────────────────────────────────────────
+export { PROMPT_ENHANCEMENT_EVIDENCE_SCHEMA_VERSION, validatePromptEnhancementEvidenceManifest, } from "./manifestSchema.js";
+// ─── Redaction ───────────────────────────────────────────────────────────────────────
+export { redactPromptEnhancementEvidence } from "./redaction.js";
+// ─── Local-state store + builder + CRUD ────────────────────────────────────────────
+export { PE_SUBDIR, buildPromptEnhancementEvidenceManifest, createInMemoryPromptEnhancementLocalStore, createNodePromptEnhancementLocalStore, recordPromptEnhancementRun, loadPromptEnhancementRun, listPromptEnhancementRuns, } from "./store.js";

package/dist/promptEnhancement/manifestSchema.d.ts

@@ -0,0 +1,71 @@
+import type { GroundingDirective, LeastPrivilegeConstraint, PromptSafetyDecision, PromptSafetyVerificationStatus, PromptSafetyViolationCode } from "@oscharko-dev/keiko-contracts";
+export declare const PROMPT_ENHANCEMENT_EVIDENCE_SCHEMA_VERSION: 2;
+export type PromptEnhancementEvidenceStatus = "validated" | "requires-human-review" | "rejected";
+export interface PromptEnhancementRedactionSummary {
+    readonly totalStringsScanned: number;
+    readonly stringsRedacted: number;
+    readonly patternsMatched: Readonly<Record<string, number>>;
+}
+export interface PromptEnhancementCandidateScoreRow {
+    readonly candidateId: string;
+    readonly profile: string;
+    readonly aggregateScore: number;
+    readonly estimatedTokens: number;
+    readonly selected: boolean;
+}
+export interface PromptEnhancementSafetyRecord {
+    readonly decision: PromptSafetyDecision;
+    readonly verificationStatus: PromptSafetyVerificationStatus;
+    readonly requiresHumanReview: boolean;
+    readonly findingCodes: readonly PromptSafetyViolationCode[];
+    readonly leastPrivilege: readonly LeastPrivilegeConstraint[];
+}
+export interface PromptEnhancementModelMetadata {
+    readonly deterministic: boolean;
+    readonly modelId?: string;
+    readonly profile?: string;
+}
+export interface PromptEnhancementIntegrityHashes {
+    readonly enhancedOutput: string;
+    readonly appliedRules: string;
+    readonly candidateScores: string;
+    readonly record: string;
+}
+export interface PromptEnhancementManifestTotals {
+    readonly candidateScores: number;
+    readonly appliedSafetyRules: number;
+    readonly assumptions: number;
+    readonly safetyFindings: number;
+}
+export interface PromptEnhancementEvidenceManifest {
+    readonly peEvidenceSchemaVersion: typeof PROMPT_ENHANCEMENT_EVIDENCE_SCHEMA_VERSION;
+    readonly runId: string;
+    readonly recordedAt: string;
+    readonly requestId: string;
+    readonly status: PromptEnhancementEvidenceStatus;
+    readonly inputRedactedFingerprintSha256: string;
+    readonly inputExcerptRedacted: string;
+    readonly enhancedPromptId: string;
+    readonly enhancedPromptTextRedacted: string;
+    readonly appliedSafetyRules: readonly string[];
+    readonly appliedGroundingDirectives: readonly GroundingDirective[];
+    readonly assumptions: readonly string[];
+    readonly candidateScores: readonly PromptEnhancementCandidateScoreRow[];
+    readonly safety: PromptEnhancementSafetyRecord;
+    readonly modelMetadata: PromptEnhancementModelMetadata;
+    readonly redactionSummary: PromptEnhancementRedactionSummary;
+    readonly integrityHashes: PromptEnhancementIntegrityHashes;
+    readonly totals: PromptEnhancementManifestTotals;
+}
+export interface PromptEnhancementSchemaValidationResult {
+    readonly ok: boolean;
+    readonly reason: string | undefined;
+}
+/**
+ * Strict-schema gate for a deserialised Prompt Enhancement evidence record. Validates the
+ * schema-version literal, the closed set of top-level keys, and the status enum. Counts/integrity
+ * correctness is orthogonally enforced by the builder before persist and re-checked on read by the
+ * store.
+ */
+export declare function validatePromptEnhancementEvidenceManifest(value: unknown): PromptEnhancementSchemaValidationResult;
+//# sourceMappingURL=manifestSchema.d.ts.map

package/dist/promptEnhancement/manifestSchema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"manifestSchema.d.ts","sourceRoot":"","sources":["../../src/promptEnhancement/manifestSchema.ts"],"names":[],"mappings":"AAcA,OAAO,KAAK,EACV,kBAAkB,EAClB,wBAAwB,EACxB,oBAAoB,EACpB,8BAA8B,EAC9B,yBAAyB,EAC1B,MAAM,+BAA+B,CAAC;AASvC,eAAO,MAAM,0CAA0C,EAAG,CAAU,CAAC;AAGrE,MAAM,MAAM,+BAA+B,GAAG,WAAW,GAAG,uBAAuB,GAAG,UAAU,CAAC;AAUjG,MAAM,WAAW,iCAAiC;IAChD,QAAQ,CAAC,mBAAmB,EAAE,MAAM,CAAC;IACrC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,eAAe,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;CAC5D;AAKD,MAAM,WAAW,kCAAkC;IACjD,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;CAC5B;AAGD,MAAM,WAAW,6BAA6B;IAC5C,QAAQ,CAAC,QAAQ,EAAE,oBAAoB,CAAC;IACxC,QAAQ,CAAC,kBAAkB,EAAE,8BAA8B,CAAC;IAC5D,QAAQ,CAAC,mBAAmB,EAAE,OAAO,CAAC;IACtC,QAAQ,CAAC,YAAY,EAAE,SAAS,yBAAyB,EAAE,CAAC;IAC5D,QAAQ,CAAC,cAAc,EAAE,SAAS,wBAAwB,EAAE,CAAC;CAC9D;AAID,MAAM,WAAW,8BAA8B;IAC7C,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAC;IAChC,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC;CAC3B;AAGD,MAAM,WAAW,gCAAgC;IAC/C,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;IAChC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,+BAA+B;IAC9C,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IACjC,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,cAAc,EAAE,MAAM,CAAC;CACjC;AAaD,MAAM,WAAW,iCAAiC;IAChD,QAAQ,CAAC,uBAAuB,EAAE,OAAO,0CAA0C,CAAC;IACpF,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,UAAU,EAAE,MAAM,CAAC;IAC5B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,MAAM,EAAE,+BAA+B,CAAC;IAEjD,QAAQ,CAAC,8BAA8B,EAAE,MAAM,CAAC;IAChD,QAAQ,CAAC,oBAAoB,EAAE,MAAM,CAAC;IAEtC,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,0BAA0B,EAAE,MAAM,CAAC;IAE5C,QAAQ,CAAC,kBAAkB,EAAE,SAAS,MAAM,EAAE,CAAC;IAC/C,QAAQ,CAAC,0BAA0B,EAAE,SAAS,kBAAkB,EAAE,CAAC;IAEnE,QAAQ,CAAC,WAAW,EAAE,SAAS,MAAM,EAAE,CAAC;IAExC,QAAQ,CAAC,eAAe,EAAE,SAAS,kCAAkC,EAAE,CAAC;IAExE,QAAQ,CAAC,MAAM,EAAE,6BAA6B,CAAC;IAE/C,QAAQ,CAAC,aAAa,EAAE,8BAA8B,CAAC;IACvD,QAAQ,CAAC,gBAAgB,EAAE,iCAAiC,CAAC;IAC7D,QAAQ,CAAC,eAAe,EAAE,gCAAgC,CAAC;IAC3D,QAAQ,CAAC,MAAM,EAAE,+BAA+B,CAAC;CAClD;AA0BD,MAAM,WAAW,uCAAuC;IACtD,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAC;IACrB,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS,CAAC;CACrC;AAiSD;;;;;GAKG;AACH,wBAAgB,yCAAyC,CACvD,KAAK,EAAE,OAAO,GACb,uCAAuC,CAoBzC"}